Re: client certificates

From: Shaun Wilde (shaun_wilde_at_nospam.nospam)
Date: 04/08/05


Date: Fri, 8 Apr 2005 20:40:58 +0100

Ah - I see - I did wonder if it had to be something like that.

However, since I'd like to handle all browsers, I'd have to
consider a Java applet rather than just an IE solution.

Do you know of any examples of these in ActiveX and/or Java?

thanks

Shaun Wilde

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:ezF$wX7OFHA.3292@TK2MSFTNGP12.phx.gbl...
> If you want to sign a document, you will need code running on their
> workstation such as an ActiveX control or downloaded .NET control. The
> private key exists only on the user's workstation, not on the server.
>
> If your code accesses the private key, the user should be prompted for their
> password on the key (assuming the key is password protected). I'm not sure
> if this prompting is cached or not, so you would have to test that. Note
> that since this code will be independent of the web page, your code will
> trigger the request for the key password even if they already entered the
> password to view the page with their client certificate.
>
> Joe K.
>
> "Shaun Wilde" <shaun_wilde@nospam.nospam> wrote in message
> news:O4UuHb6OFHA.244@TK2MSFTNGP12.phx.gbl...
> > #1) I'll give it a try
> >
> > #2) I wish to sign a document - to do so I need to send the data to the
> > user's browser - and the client will sign it using their client certificate
> > (if the client certificate is protected by a password then the user should
> > have to enter the password). Why? It is so if the user leaves their terminal
> > unattended then a malicious user cannot sign it on their behalf as they
> > would not know the password. Security!!
> >
> > I just don't know how to do this.
> >
> >
> > "[MSFT]" <lukezhan@online.microsoft.com> wrote in message
> > news:WJBUjjxOFHA.2944@TK2MSFTNGXA01.phx.gbl...
> >> Hello,
> >>
> >> #1) I think IE will display the cached content when you return and it
> >> doesn't send request to server side. You may disable client cache with:
> >>
> >> <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
> >>
> >> and
> >>
> >> Response.Expires = -1
> >>
> >> #2) Can you explain more on this issue? I am not clear why you need the
> >> user to input the password and why this page cannot be authenticated.
> >>
> >> Thanks,
> >>
> >> Luke
> >>
> >
> >
>
>
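
The split described in the thread above (a passphrase-protected private key used only on the workstation, with the server holding just the certificate), as an added example using the OpenSSL command line. It is not part of the original thread and is not an ActiveX or Java control; the file names, subject and passphrase are constructed, and the self-signed certificate stands in for a real client certificate, so no chain validation is shown.

```shell
#!/bin/sh
# Added example; all names, the subject and the passphrase are constructed.
demo_sign_verify() {
    work=$(mktemp -d) || return 1
    pass='constructed-passphrase'

    # Workstation: passphrase-protected private key and a self-signed
    # certificate standing in for the user's client certificate.
    openssl req -x509 -newkey rsa:2048 -days 1 -subj '/CN=Constructed User' \
        -passout "pass:$pass" -keyout "$work/client.key" \
        -out "$work/client.crt" 2>/dev/null || return 1

    printf 'Constructed document to be signed\n' > "$work/doc.txt"

    # Someone at the unattended terminal without the passphrase cannot sign.
    if openssl dgst -sha256 -sign "$work/client.key" -passin 'pass:wrong' \
        -out "$work/bad.sig" "$work/doc.txt" 2>/dev/null; then
        wrong_pass=accepted
    else
        wrong_pass=rejected
    fi

    # The key owner signs; only doc.txt, doc.sig and client.crt reach the server.
    openssl dgst -sha256 -sign "$work/client.key" -passin "pass:$pass" \
        -out "$work/doc.sig" "$work/doc.txt" || return 1

    # Server: verifies with the public key taken from the certificate alone.
    openssl x509 -in "$work/client.crt" -pubkey -noout \
        > "$work/client.pub" || return 1
    if openssl dgst -sha256 -verify "$work/client.pub" \
        -signature "$work/doc.sig" "$work/doc.txt" >/dev/null 2>&1; then
        original=valid
    else
        original=invalid
    fi

    # Any change to the document after signing must fail verification.
    printf 'tampered\n' >> "$work/doc.txt"
    if openssl dgst -sha256 -verify "$work/client.pub" \
        -signature "$work/doc.sig" "$work/doc.txt" >/dev/null 2>&1; then
        tampered=valid
    else
        tampered=invalid
    fi

    rm -rf "$work"
    echo "$wrong_pass $original $tampered"
}

demo_sign_verify
```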


